The OpenBSD project distributes a binary base system and packages, built from sources at release time. Any security issues or stability fixes after release require sources to be rebuilt by the end user. While this may not be much of an issue with either small deployments or fast systems. Occasionally there might be a need to build your own Stable ISO for repeated installation, or quick installation into low end systems (netbooks?). The procedure at hand is reasonably welldocumented, if slightly dispersed.

For this tutorial I’ll presume you have dedicated a specific multicore AMD64 machine for the purpose of building this Stable ISO, targeting an AMD64 or i386 build. Adjust where required for your own purposes. I’d recommend against execting this procedure on production systems though.

Most steps in this tutorial will take between 5-10 minutes on vaguely recent hardware (Core 2 Duo), unless noted otherwise.

First do a basic install of OpenBSD (6.0 in our particular example). I’d highly recommend to enable NTP for time syncing and perform custom disk slicing, so you have plenty of place in /usr, because you will need it.

Step 1: Preparing sources

Login as regular user, and then su to root. The name of this regular user (and the FQDN) will show up in your newly built kernel’s dmesg.

Then get all the source OpenBSD source tarball and unpack them accordingly.

Step 4: Building Ports (optional)

Optionally you can build some ports, to include on your Stable ISO, for example…

cd /usr/ports/security/gnupg
env FLAVOR= make install

cd /usr/ports/shells/bash
make install

cd /usr/ports/editors/nano
make install

cd /usr/ports/www/links+
env FLAVOR=no_x11 make install

cd /usr/ports/net/wget
make install

cd /usr/ports/net/rsync
make install

cd /usr/ports/archivers/unzip
make install

cd /usr/ports/devel/gmake
make install

cd /usr/ports/lang/go
make install

cd /usr/ports/devel/git
make install

And so on…

You’ll note we’ve been using make install as opposed to make package, as make package won’t pull in dependencies that don’t matter at build-time, but likely will prevent the package from installing properly if missing.

Since OpenBSD 5.5, both the base system and packages are signed for proper releases, the result of the above procedure will produce an unsigned base system and packages, resulting in (expected) signature warnings during installation.

Step 6: Burn

Once you have your freshly mastered ISO, you can burn it to your favorite brand of CD-R: